Struct PkiEnvironment 

pub struct PkiEnvironment { /* private fields */ }

The PKI environment which can be initialized independently from a CoreCrypto session.

Implementations

impl PkiEnvironment

pub async fn fetch_crls(&self, uris: impl Iterator<Item = &str>) -> Result<HashMap<String, Vec<u8>>>

Fetch certificate revocation lists from the given URIs and return a map from each URI to the DER-encoded certificate list fetched from it.

pub async fn save_crl(&self, crl_dp: &str, crl_der: &[u8]) -> Result<()>

Validate the CRL (trust anchors must be configured prior to this) and save it to the database.

impl PkiEnvironment

pub async fn new(hooks: Arc<dyn PkiEnvironmentHooks>, database: Database) -> Result<PkiEnvironment>

Create a new PKI environment.

pub async fn get_trust_anchors(&self) -> Vec<Certificate>

Return certificates that are used as trust anchors.

pub fn hooks(&self) -> Arc<dyn PkiEnvironmentHooks>

Get the hooks.

pub fn database(&self) -> &Database

Get the database.

pub async fn add_trust_anchor(&self, cert: Certificate) -> Result<()>

Adds the certificate as a trust anchor to the PKI environment.

The certificate is saved to the database, and included in the PKI environment for future validation.

Caution

Adding a trust anchor will replace any existing trust anchor. This limitation will be relaxed in the future.

pub async fn add_intermediate_cert(&self, cert: Certificate) -> Result<()>

Adds the certificate to the PKI environment.

The certificate is saved to the database, and included in the PKI environment for future validation.

CRL (Certificate Revocation List) distribution points are extracted from the certificate and an attempt is made to fetch a CRL from each one.

pub async fn validate_cert(&self, cert: &Certificate) -> RustyX509CheckResult<()>

Validate an end-entity X509 certificate.

Performs validation of the provided certificate in the context defined by the set of trust anchors and intermediate certificates contained in this PKI environment. A revocation check is performed, and the time of interest is set to the time of the call.

pub async fn validate_credential<'a>(&'a self, credential: CredentialRef<'a>) -> CredentialAuthenticationStatus

Validate an X509 credential.

Panics

Panics if the provided credential is not of type X509.

Trait Implementations

impl Debug for PkiEnvironment

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> IntoEither for T

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> ErasedDestructor for T
where T: 'static,

impl<T> MaybeSendSync for T